API security firm Wallarm unveiled its API ThreatStats Report for Q3 2024, revealing critical insight into the increasing number of API vulnerabilities and breaches impacting industries worldwide. The report confirms the trend of increasing numbers of API vulnerabilities, across sectors, as well as an escalating threat landscape that targets APIs due to their accessibility and valuable data.
“During this quarter, we saw a surge in API-related security flaws across a wide range of industries, reminding us that API security is a truly horizontal problem,” said Ivan Novikov, the CEO and co-founder of Wallarm. “Additionally, we found that 32 percent of vulnerabilities are tied to cloud-native software—a clear indicator that cloud infrastructure and its associated APIs are becoming an increasingly attractive target for cybercriminals. This trend underscores the need for robust security solutions, particularly as organizations continue migrating critical operations to the cloud.”
Wallarm’s researchers uncovered a 21 percent increase in API vulnerabilities from Q2’24, with an average common vulnerability scoring system (CVSS) score of 7. Many scored 7.5, indicating high severity and reflecting the ease with which threat actors can exploit API issues. The growth in discovered vulnerabilities highlights the expanding threat landscape, where APIs remain a primary target for cyberattacks across multiple sectors.
Key insight included:
- Client-side API vulnerabilities exposing hidden risks not covered by the OWASP API Top-10.
- API misconfigurations amplifying breach scale.
- APIs being a common weak link across diverse industries.
- The integral role of API security in AI systems.
The increase in API vulnerabilities emphasizes the urgency for businesses to stay vigilant and invest in comprehensive API security measures. Wallarm’s solution unifies best-in-class API protection and real-time blocking to protect the entire API and web application portfolio in multi-cloud, cloud-native and on-premise environments, empowering organizations to defend against growing threats.
To download the full API ThreatStats Q3 2024 Report, visit here.